Date: Tue, 25 Jun 1996 22:39:18 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: joerg_wunsch@uriah.heep.sax.de
Cc: freebsd-hackers@FreeBSD.ORG, danny@auscert.org.au
Subject: Re: No comment character in hosts.equiv
Message-ID: <199606251240.FAA21976@freefall.freebsd.org>
In-Reply-To: <199606250802.KAA17967@uriah.heep.sax.de> from "J Wunsch" at Jun 25, 96 10:02:37 am

In some mail from J Wunsch, sie said:
>
> As Danny Smith wrote:
>
> > > Wrong.  FreeBSD has a comment char.
>
> > OK, I verified this on our 2.0.5 test system before mailing.  Looks like I
> > may have been hit by the "checking the previous version" problem.
>
> FreeBSD 2.0.5 shipped with commented-out entries in hosts.equiv and
> the sample .rhosts files that caused DNS lookup timeouts (since names
> starting with a hash mark were looked up).  After realizing this, the
> comment-character logic was brought in.
>
> Anyway, commented-out entries normally don't constitute a security
> hole (unless a potential intruder can manipulate DNS to get the wrong
> name as an alias for his host).

I'd warn against this: FreeBSD is thus different to most other OS's and
suggests security practices which are not safe in all circumstances.

I know some things are "nice" and yes, "let's be different", but for Christ's
sake, sometimes this just goes too far.
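
The portability concern in this thread, as an added example that is not part of the original message and not FreeBSD's rcmd code: a simplified model of a parser with no comment character next to one that skips '#' lines, plus a check that lists the lines on which the two disagree. The function names and the example.org sample entries are constructed for illustration.

```python
# Simplified model of how hosts.equiv / .rhosts lines are read.
# This is NOT the rcmd(3) source of FreeBSD or any other system.

def legacy_entries(text):
    """Parser with no comment character: every non-blank line is an
    entry, and its first field is taken as a host name to look up."""
    hosts = []
    for line in text.splitlines():
        fields = line.split()
        if fields:
            hosts.append(fields[0])
    return hosts

def comment_aware_entries(text):
    """Parser that skips lines whose first non-blank character is '#'."""
    hosts = []
    for line in text.splitlines():
        fields = line.split()
        if fields and not line.lstrip().startswith("#"):
            hosts.append(fields[0])
    return hosts

def audit(text):
    """Return (line_number, line) for every line the two parsers treat
    differently. On a system without comment support these are live
    entries whose '#name' is resolved, so delete them instead."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            findings.append((number, line.strip()))
    return findings

# Constructed sample file contents; the host and user names are placeholders.
SAMPLE = """\
trusted1.example.org
#oldhost.example.org
#retired.example.org alice
trusted2.example.org bob
"""

if __name__ == "__main__":
    print("no comment support:", legacy_entries(SAMPLE))
    print("comment-aware:     ", comment_aware_entries(SAMPLE))
    for number, line in audit(SAMPLE):
        print(f"line {number}: remove rather than comment out: {line}")
```

Files that have to behave the same on every system should carry no '#' lines at all, so that the answer does not depend on which parser reads them.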